Malware – Removal and Protection

Getting infected by Malware is one of the worst things that could happen to you!

You may notice that your computer is not working as well as it should.

You may think that your computer is completely fine, or you may suddenly experience a shutdown, a crash, or a warning message that tells you that something has gone horribly wrong on your computer.

Malware can reside on your computer unnoticed for months and then suddenly strike.

With malware appearing more and more in the news, you should take every reasonable precaution against the damage it can cause. Backups and prompt software updates are a good first step (a VPN protects your traffic on untrusted networks but does nothing to stop malware), but there is plenty more that you need to look out for.

What is malware?

“Malware” is a shortened version of the term “malicious software“. The term covers a range of categories of intrusive programs, including:

Computer Viruses

Trojans

Spyware

Adware

Ransomware

Scareware

Browser hijackers

Botnet programs

Malware is not only the work of criminals. Commercial companies routinely bundle tracking code and spyware-like components with their software for market research and targeted advertising.

The general definition of malicious software encompasses programs that run on a computer without any benefit to the owner of that computer, but, instead, serve the aims of a third party who got that program onto the computer without permission or through deception.

How do I know if I’m infected by malware?

Much malware is designed to go unnoticed. By their very nature, spyware and tracking systems do not want you to know that they are on your computer. Viruses can disrupt the behavior of your computer, and adware typically opens pop-ups or websites you did not ask for. A Trojan is a program that poses as something useful and does its real work in the background, so it often gives no visible sign at all.

In the case of ransomware, such as WannaCry or Petya, you will certainly notice: the malware encrypts your files (Petya goes further and encrypts the disk's file table so the system cannot even boot) and then displays a message demanding payment to get them back. Paying is no guarantee of recovery; a clean backup is.

Some malware changes key settings on your computer, such as setting its own preferred search engine as your default, or hijacking your Internet access by configuring a proxy server that all of your connections pass through.

Another sneaky method some malware uses to control your Internet access is to hijack your DNS settings. The Domain Name System is the directory that maps domain names (such as mail.example.com) to the IP addresses your computer actually connects to. An intruder who controls which DNS server you use can answer lookups for well-known sites, such as webmail or banking, with the address of a fake copy, and your browser will show that copy instead. One visible symptom: the impostor cannot obtain a valid certificate for the real site's name, so your browser may show a certificate warning when you visit the HTTPS version. Never click through such warnings.

Malware can also force your browser onto a fake website without touching DNS at all, by adding entries to the system's hosts file, which the computer consults before it asks any DNS server.

Here are some quick checks you can make to look for hijacking in your computer's settings.

Check your DNS Settings

Instead of using a proxy to redirect traffic, malware may change your DNS settings. This lets the attacker see which sites you look up and send you to look-alike copies of them; it does not by itself give remote control of your computer. You can use the following steps to see whether your DNS has been redirected.

Check your DNS Settings in Windows

In Windows, you can use the following steps to check your DNS settings.

In the taskbar, right-click your internet connection icon and click Open Network and Sharing Center (on Windows 10 and 11 the same adapter list is reached through Settings > Network & Internet)

Click Change Adapter Settings

Right click the Network you are using, and click Properties

Double click the TCP/IPv4 entry.

Under the DNS section, "Obtain DNS server address automatically" is the normal setting on a home network. If "Use the following DNS server addresses" is selected and the addresses are not ones you (or a DNS service you subscribe to) deliberately set, treat that as a sign of tampering. Public resolvers such as 1.1.1.1 or 8.8.8.8 are legitimate if you chose them; an address you do not recognize is not. Also check the DNS servers configured on your router's admin page, because hijacking the router changes the answer for every device in the house while the computer's own settings still look clean.
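As an added example (not part of the original article), the following Python script automates the same check from the text that `ipconfig /all` prints and the contents of the hosts file (C:\Windows\System32\drivers\etc\hosts). Both inputs below are constructed samples rather than captures from a real machine, and the set of "trusted" public resolvers is an assumption you should replace with whatever you configured on purpose. It flags DNS servers that are neither on your local network (normally the router) nor in the trusted set, and hosts-file lines that send a name anywhere other than the local machine.

```python
import ipaddress
import re

# Constructed sample of what `ipconfig /all` prints on Windows (not captured
# from a real machine). The second DNS server is the one an attacker added.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Ethernet:

   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       203.0.113.7
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Constructed sample hosts file. The loopback lines are Windows defaults; the
# last two redirect well-known sites to an attacker-controlled address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example        # ad-blocker style entry, harmless
198.51.100.44   www.paypal.com
198.51.100.44   mail.google.com
"""

# Assumption: resolvers the owner configured on purpose. Edit to match yours.
TRUSTED_RESOLVERS = {"1.1.1.1", "8.8.8.8", "9.9.9.9"}


def dns_servers(ipconfig_text):
    """Return every address listed under 'DNS Servers' in ipconfig /all output.

    The first address sits on the 'DNS Servers' line; further ones appear on
    continuation lines that contain nothing but a deeply indented address.
    """
    servers = []
    lines = ipconfig_text.splitlines()
    i = 0
    while i < len(lines):
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", lines[i])
        if m:
            servers.append(m.group(1))
            i += 1
            while i < len(lines) and re.match(r"\s{20,}\S+\s*$", lines[i]):
                servers.append(lines[i].strip())
                i += 1
        else:
            i += 1
    return servers


def local_network(ipconfig_text):
    """Work out the LAN subnet from the IPv4 address and subnet mask lines."""
    ip = re.search(r"IPv4 Address[ .]*:\s*([\d.]+)", ipconfig_text).group(1)
    mask = re.search(r"Subnet Mask[ .]*:\s*([\d.]+)", ipconfig_text).group(1)
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)


def suspicious_dns_servers(ipconfig_text, trusted=TRUSTED_RESOLVERS):
    """Flag DNS servers that are neither on the LAN (usually the router) nor trusted."""
    net = local_network(ipconfig_text)
    flagged = []
    for server in dns_servers(ipconfig_text):
        try:
            addr = ipaddress.ip_address(server.split("%")[0])  # drop IPv6 zone id
        except ValueError:
            continue
        if addr.is_loopback or addr in net or str(addr) in trusted:
            continue
        flagged.append(server)
    return flagged


def suspicious_hosts_entries(hosts_text):
    """Flag hosts-file lines that map a name to anything other than a local address.

    Mapping to 127.0.0.1 or 0.0.0.0 is what ad blockers do and is harmless;
    mapping a name to a routable address sends its traffic somewhere DNS never chose.
    """
    flagged = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()        # strip comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue
        flagged.append((fields[0], fields[1:]))
    return flagged


if __name__ == "__main__":
    print("Suspicious DNS servers:", suspicious_dns_servers(SAMPLE_IPCONFIG))
    print("Suspicious hosts entries:", suspicious_hosts_entries(SAMPLE_HOSTS))
```

On a real machine, paste the output of `ipconfig /all` and the hosts file contents in place of the two samples. A hit from either function is a reason to run a full scan, not proof of infection on its own: a DNS service you pay for, or an ad-blocking hosts list you installed, produces the same result.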

Full Malware Check

While the above checks can reveal some tampering, a clean result is absolutely not a guarantee. The most reliable way to check is a full scan with a reputable anti-malware product.

Widely used scanners include Malwarebytes and Bitdefender, both available for several operating systems; Windows also ships with Microsoft Defender, which is free and enabled by default. Paid tools cost money, but far less than losing your data to an infection. Whatever you use, scan with up-to-date definitions, and if the infection interferes with the scanner, boot from the vendor's rescue media instead of scanning from inside the infected system.

How do I remove malware?

If you find changes in the settings described in the previous section, first audit the services you subscribe to. For example, a browser VPN extension that works as a proxy will have set the proxy settings, and you should leave those alone. If you subscribe to a smart DNS service, then the DNS fields will have values in them. In all other cases, restore the defaults by selecting "Obtain DNS server address automatically" in the DNS settings and unchecking the proxy server option in the proxy settings. That wipes whatever was written into those fields, but it does not remove the program that wrote them; run a full scan afterwards, or the settings will simply come back.

The problem with malware is that you often don't know you have it until it is too late. Even a scanner from a major vendor cannot catch everything: Microsoft's Malicious Software Removal Tool, for instance, only looks for a limited set of widespread families, and any scanner can miss a brand-new or heavily obfuscated sample.

Rootkit programs burrow into the operating system to disguise their presence. By hooking the functions that list files and processes, they hide their own files from Explorer, their processes from Task Manager, and their activity from removal tools running on the same system. Once a rootkit is active, cleaning it from inside the running system is unreliable; the trustworthy options are to scan from separate boot media or, better, to reinstall the operating system from known-good media and restore your data from a backup. The best option is still to avoid getting the malware onto your computer in the first place.

How to protect against malware

Most residential users access the Internet through a WiFi router that performs NAT and has a basic firewall built in, so unsolicited connections from the Internet to your computer are blocked by default. That is real protection, but it is not complete: it does nothing against other devices on the same network (WannaCry spread from machine to machine across local networks this way), against malware that you run yourself and that then connects outward, or against a router whose own firmware or admin password has been compromised.

Most malicious software does not arrive unexpectedly. Attackers have developed methods to trick you into inviting it in, so changing your habits is the single most effective protection. It is not the only one: worms such as WannaCry spread with no user action at all, which is why keeping your system patched matters just as much.

These are some of the key methods that hackers use to get into your computer:

PDF files

Flash videos

Email attachments

Non-standard torrent download file formats

Extra utilities for free software

You need to raise your level of suspicion on the Web and lower your sense of urgency when accessing content. If you discover a great free app, it could be a trap that is only a front for installing a piece of malware.

Here are more details on each of those warning bullet points.

PDF Files

The PDF format allows a document to carry far more than text and images: it can contain JavaScript, actions that run as soon as the file is opened, launch commands and embedded files, and PDF readers have had their share of exploitable bugs in the parser itself. A file that looks perfectly normal can, when opened in a vulnerable reader, drop a program onto your computer and connect back to the attacker's server. Home firewalls block unexpected inbound connection requests but do not stop outgoing connections, so that call-out usually succeeds.

Malware hidden in PDFs can pass antivirus sweeps, so do not rely on the scanner alone. Be careful about opening PDFs from sources you do not know well, keep your PDF reader updated, disable JavaScript in the reader's settings, and leave Protected View (in Adobe Reader) or the browser's built-in viewer as the default, since both open the document with fewer privileges.
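As an added example (not part of the original article), here is a small triage script in the style of the well-known pdfid approach: it looks through a PDF's raw bytes for the names that make a document act rather than merely render, undoing the `#xx` hex escape that PDF allows inside names and that malware uses to hide keywords such as `/JavaScript`. The two PDF files are constructed inline for the demonstration; the list of names and the "high risk" subset are this example's own choices.

```python
import re

# Names that make a PDF *do* something instead of just render. Seeing them is
# not proof of malice (interactive forms use /AA and /JavaScript legitimately),
# but a plain document has no reason to contain most of them.
ACTION_NAMES = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch",
                "/EmbeddedFile", "/RichMedia", "/URI", "/SubmitForm")
# The subset that justifies not opening the file without a closer look.
HIGH_RISK = {"/JavaScript", "/JS", "/Launch", "/EmbeddedFile", "/RichMedia"}


def unescape_names(data: bytes) -> bytes:
    """Undo the #xx hex escape allowed inside PDF names (/J#61vaScript == /JavaScript).

    Malware authors use the escape to hide keywords from naive scanners.
    """
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def pdf_action_report(data: bytes) -> dict:
    """Count occurrences of each action name in the raw (uncompressed) PDF bytes."""
    if not data.startswith(b"%PDF-"):
        raise ValueError("not a PDF: missing %PDF- header")
    text = unescape_names(data)
    report = {}
    for name in ACTION_NAMES:
        # Require a delimiter after the name so /JS does not match /JSFoo.
        pattern = re.escape(name.encode()) + rb"(?![A-Za-z0-9_])"
        count = len(re.findall(pattern, text))
        if count:
            report[name] = count
    return report


def is_suspicious(data: bytes) -> bool:
    """True when any high-risk action name is present."""
    return any(name in HIGH_RISK for name in pdf_action_report(data))


# Constructed sample files (assembled here for the demonstration, not real samples).
BENIGN_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

# Same skeleton, plus an action that runs JavaScript as soon as the file opens,
# with the keyword hex-escaped the way malicious PDFs commonly do it.
TRAPPED_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj\n"
    b"4 0 obj << /S /J#61vaScript /JS (app.alert('payload would go here')) >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_PDF), ("trapped", TRAPPED_PDF)):
        print(label, pdf_action_report(blob), "suspicious:", is_suspicious(blob))
```

The caveat that matters in practice: real PDFs usually keep their objects inside compressed streams, where these names are not visible as plain text, so a "clean" report from this scan means only that nothing was found in the uncompressed parts. A proper triage tool decompresses the streams first; this script is the first filter, not the last word.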

Three steps that you can take to prevent malware getting on your system through PDF files are:

Adobe Flash Player

In addition to the PDF format, Adobe also owned the Flash Player, which for years was one of the most exploited pieces of software on the desktop.

The risk was not the video itself but bugs in the player. A malicious Flash file, often delivered through an advertisement on an otherwise legitimate site, could exploit the player and run code on your computer, and because the download was part of an ordinary web page, neither the firewall nor a signature-based scanner had any reason to object.

Flash Player also kept its own "local shared objects" (Flash cookies) outside the browser's cookie store, so clearing the browser cache and deleting all cookies left them in place.

Adobe ended support for Flash Player at the end of 2020 and browsers have removed it. If it is still installed on your computer, uninstall it rather than trying to secure it.

Email attachments and torrent downloads

The best protection against malware in emails and torrent downloads is caution. Only open email attachments that you were expecting, even from someone you know and trust, since malware routinely sends itself to everyone in a compromised account's address book. Be particularly wary of file extensions that you don't recognize, and turn on "File name extensions" in Windows Explorer so that a file named invoice.pdf.exe does not display as invoice.pdf. Stick to media files with well-known types, such as MP3 or MP4, and be aware that even a genuine media file can carry an exploit for a bug in the player.

You should be particularly cautious of zip files. Compressed archives are great for transferring large files quickly, but they can also hide executables and scripts, and a password-protected archive cannot be inspected by your mail provider's scanner at all. The password is usually supplied in the same email precisely for that reason.

If you have an anti-virus program running on your computer, it may warn you when you download or run a suspicious file, but do not assume that it will catch everything.
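As an added example (not part of the original article), the following Python script applies the checks above to attachment names and to the contents of a zip file without extracting it. It catches the double-extension trick (invoice.pdf.exe), the right-to-left override character that makes a name such as "report‮fdp.exe" display with ".pdf" at the end, disk-image types that Windows mounts on double-click, and encrypted archive members that no scanner can inspect. The extension lists are this example's own choices and the sample archive is constructed in memory.

```python
import io
import os
import zipfile

# Extensions Windows will execute when double-clicked (scripts and shortcuts
# included). An "attachment" with one of these is a program, whatever its icon.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".ps1", ".msi", ".jar",
    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta", ".lnk",
    ".iso", ".img", ".vhd", ".vhdx",  # disk images mount themselves and hide contents
}
# Document and media types an attacker likes to imitate.
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt",
                       ".jpg", ".png", ".mp3", ".mp4"}
RTLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE: reverses how the rest of the name displays


def attachment_warnings(filename: str) -> list:
    """Return the reasons (possibly none) an attachment name deserves suspicion."""
    warnings = []
    if RTLO in filename:
        # "report\u202efdp.exe" is displayed as "reportexe.pdf" but ends in .exe
        warnings.append("name contains a right-to-left override character")
    name = filename.replace(RTLO, "")
    stem, ext = os.path.splitext(name)
    ext = ext.lower()
    inner = os.path.splitext(stem)[1].lower()
    if ext in EXECUTABLE_EXTENSIONS:
        warnings.append(f"executable type {ext}")
        if inner in DOCUMENT_EXTENSIONS:
            # Windows hides the final extension by default, so this shows as a document
            warnings.append(f"double extension {inner}{ext}")
    return warnings


def zip_warnings(archive_bytes: bytes) -> list:
    """Inspect a zip without extracting it: list risky members and encrypted ones."""
    warnings = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.flag_bits & 0x1:   # bit 0 of the general-purpose flag = encrypted
                warnings.append(f"{info.filename}: encrypted, scanners cannot inspect it")
            for reason in attachment_warnings(info.filename):
                warnings.append(f"{info.filename}: {reason}")
    return warnings


def build_sample_zip() -> bytes:
    """Constructed sample archive: one harmless text file and one disguised program."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("README.txt", "Please open the attached invoice.\n")
        zf.writestr("Invoice_2024.pdf.exe", b"MZ" + b"\x00" * 62)  # fake PE header only
    return buf.getvalue()


if __name__ == "__main__":
    for name in ("holiday.mp4", "invoice.pdf.exe", "report\u202efdp.exe", "setup.iso"):
        print(repr(name), attachment_warnings(name))
    print(zip_warnings(build_sample_zip()))
```

Note that the zip check reads only the archive's directory, so it is safe to run on an untrusted file; nothing is decompressed or executed. A mail gateway does the same thing, which is exactly why attackers moved to password-protected archives.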

Protection for Macs

There is nothing about macOS (OS X at the time) that makes it immune to malware. In March 2016, thousands of Macs were infected by the KeRanger ransomware, which was shipped inside a tampered release of the Transmission BitTorrent client downloaded from the project's own website. The infected installer was signed with a valid Apple developer certificate, so Gatekeeper let it run.

Unfortunately, Mac users even have to be cautious about installing anti-malware programs, because there are a number of fake security systems out there that are actually malware. These include Mac Defender, Mac Protector, and Mac Security.

Apple is known for the level of control it keeps over software for its operating system. To keep your Mac malware-free, stick to software from the Mac App Store where you can, leave Gatekeeper at its default setting so that unsigned software is blocked, and remember that a valid signature, as KeRanger showed, is not proof that a program is safe.

Extra utilities for free software

When you install a program or an update, you probably want to get the installation to finish quickly, and you might even be distracted by another app that you are running at the same time as the installer. This is a mistake. Even legitimate software companies use program installers to slip extra unwanted utilities onto computers and also install toolbars and change browser settings. You may find that you suddenly have a different New Tab layout and your default search engine has changed.

These alterations to the settings of your browser were probably made with your permission. All those pages you have to go through in order to get a program installed sometimes include sneaky little extras. If you pay no attention to what each of these pages actually says, but just click through on the Next button, you give the installer your permission to install extra software and change the settings of your browser.

Your anti-virus software may not warn you about these extra programs, because you gave the installer permission to run and the extras are, technically, legitimate software. Many products, Microsoft Defender included, can be set to block "potentially unwanted applications", which covers most of this category. Beyond that, the only defense is to choose the "custom" or "advanced" install option, read each page, and untick anything you did not ask for.

Backup your Data

Another important step for limiting the damage malware can do is to back up your data regularly. If you follow the 3-2-1 rule, then even if your data is destroyed, whether by malware or for any other reason, you will be able to recover it.

The 3-2-1 rule means keeping three copies of your data (the original plus two backups), on two different kinds of storage, with one copy kept off-site. A backup drive that stays plugged in is not a safe copy: ransomware encrypts every drive it can reach, so disconnect the external drive after each backup. Test a restore from time to time as well, because a backup you have never restored is only a hope.
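As an added example (not part of the original article), here is a Python script that does the part of a backup routine people most often skip: it records a SHA-256 manifest of the source files when the copies are made, and later checks each backup copy against that manifest, so a copy that ransomware has encrypted, or that a failing disk has silently corrupted, is reported before you need it. The two destination folders stand in for the local and external copies; pointing the same function at a mounted cloud folder gives the off-site one. The directory layout and file contents are constructed for the demonstration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Digest a file in chunks so large backups do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(source: Path) -> dict:
    """Map each file under source (relative path) to its SHA-256 digest."""
    return {p.relative_to(source).as_posix(): sha256_of(p)
            for p in sorted(source.rglob("*")) if p.is_file()}


def backup(source: Path, destinations) -> dict:
    """Copy source to every destination and return the manifest the copies must match."""
    manifest = build_manifest(source)
    for dest in destinations:
        shutil.copytree(source, dest, dirs_exist_ok=True)
    return manifest


def verify(dest: Path, manifest: dict) -> list:
    """Return relative paths whose copy in dest is missing or differs from the manifest.

    Store the manifest with the backup set, not only on the source machine:
    a compromised source cannot be trusted to tell you whether the copy is good.
    """
    problems = []
    for rel, digest in manifest.items():
        copy = dest / rel
        if not copy.is_file() or sha256_of(copy) != digest:
            problems.append(rel)
    return problems


def demo() -> dict:
    """Run the whole cycle in a temporary directory and report what verify() found."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        source = root / "documents"
        (source / "photos").mkdir(parents=True)
        (source / "notes.txt").write_text("quarterly figures\n")
        (source / "photos" / "cat.jpg").write_bytes(b"\xff\xd8\xff" + b"\x00" * 16)

        # Two backup targets stand in for the internal disk and the external drive.
        local_copy, external_copy = root / "backup_local", root / "backup_external"
        manifest = backup(source, [local_copy, external_copy])
        result = {
            "local_ok": verify(local_copy, manifest) == [],
            "external_ok": verify(external_copy, manifest) == [],
        }
        # Simulate ransomware reaching the still-connected external drive.
        (external_copy / "notes.txt").write_bytes(b"\x8f\x1dencrypted-garbage\x00")
        result["external_after_attack"] = verify(external_copy, manifest)
        return result


if __name__ == "__main__":
    print(demo())
```

The point of the simulated attack at the end is that the copy on a connected drive fails verification while the original manifest still shows what the file should be; with the drive disconnected after the backup, that copy would have stayed intact.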

Malware in the News

Ransomware has become a headline-grabbing branch of malware over the last couple of years. Following the KeRanger attack of 2016, the WannaCry outbreak of May 2017 crippled hospital systems in the UK's National Health Service and government and business servers, as well as the computers of individuals. In late June 2017, another attack, usually called Petya or NotPetya to distinguish it from the older Petya family, hit the headlines. Analysis of the two programs showed that both spread using the same exploit, EternalBlue, which targets a flaw in Windows file sharing (SMBv1) and had been developed by the NSA before being leaked online by the Shadow Brokers group in April 2017.

Ransomware

WannaCry and NotPetya exploited a security hole in the SMBv1 file-sharing protocol in Windows. Microsoft had released the fix (security bulletin MS17-010) in March 2017, two months before WannaCry, but many organisations had not installed it and some were still running unsupported versions such as Windows XP, leaving them vulnerable. So an important lesson from the WannaCry event is to keep all of your software up to date, and to disable SMBv1 outright, since nothing modern needs it.

NotPetya found fewer unpatched victims, but it had other routes onto target computers. Its initial spread came through the update mechanism of a Ukrainian accounting program, M.E.Doc, whose update server had been compromised so that the malware arrived looking like a legitimate update. Once inside a network, it also moved between machines by stealing administrator passwords from memory and using standard Windows administration tools, a route that being fully patched did not close.

Ransomware is frequently distributed through email attachments and links, so not opening unexpected ones removes the most common route of attack.

Security companies released "vaccines" or "immunizers" against WannaCry and NotPetya. These work by exploiting a quirk of one specific sample: WannaCry checked a particular web address and stopped if it existed, and NotPetya would not run if a certain file was already present in the Windows folder. A vaccine only protects against the exact variant it was written for; a new variant with that check removed walks straight past it, so do not mistake one for general ransomware protection.

Minerva Labs published a free WannaCry vaccinator, and the VPN company CyberGhost offered a free immunizer against NotPetya. Keeping your software up to date, being cautious about downloads and attachments, keeping offline backups, and running a reputable anti-malware product are what will actually keep you out of the firing line when the next wave of ransomware sweeps the world.

Malware Removal Conclusion

Malware has evolved since the early days of computer viruses. Keep your computer up to date and avoid taking risks with downloads. Although malware can be devastating, there are simple steps that you can take to minimize the damage.

Namely: keep your operating system and applications patched, run a reputable anti-malware product and keep it updated, and keep regular backups of all of your systems with at least one copy offline. A VPN is useful for privacy on untrusted networks, but it is not a malware defense.